From 6ed054492ae5c180a7bacd8246b2afc58cbc24ca Mon Sep 17 00:00:00 2001
From: Karel Slany <karel.slany@nic.cz>
Date: Mon, 25 Jul 2016 12:31:53 +0200
Subject: [PATCH] Added a check.

---
 lib/cookies/helper.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/cookies/helper.c b/lib/cookies/helper.c
index 1f2c9a18c..86bd2871b 100644
--- a/lib/cookies/helper.c
+++ b/lib/cookies/helper.c
@@ -200,6 +200,14 @@ int kr_answer_write_cookie(const struct knot_sc_private *srvr_data,
 		return kr_error(ENOMEM);
 	}
 
+	/*
+	 * Function knot_edns_opt_cookie_data_len() returns the sum of its
+	 * parameters or zero. Anyway, let's check again.
+	 */
+	if (cookie_len < (cc_len + nonce_len + hash_len)) {
+		return kr_error(EINVAL);
+	}
+
 	struct knot_sc_input input = {
 		.cc = cookie,
 		.cc_len = cc_len,
@@ -209,7 +217,7 @@ int kr_answer_write_cookie(const struct knot_sc_private *srvr_data,
 
 	if (nonce_len) {
 		kr_nonce_write_wire(cookie + cc_len, nonce_len, nonce);
-
+		/* Adjust input for written nonce value. */
 		input.nonce = cookie + cc_len;
 		input.nonce_len = nonce_len;
 	}
-- 
GitLab